[OE-core] [PATCH] ffmpeg: fix CVE-2021-38114
backport from upstream Signed-off-by: Kiran Surendran --- .../ffmpeg/ffmpeg/fix-CVE-2021-38114.patch| 67 +++ meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb | 3 +- 2 files changed, 69 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch new file mode 100644 index 00..ab3ecfecbb --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch @@ -0,0 +1,67 @@ +CVE: CVE-2021-38114 +Upstream-Status: Backport +Signed-off-by: Kiran Surendran + +From 463dbe4e78cc560ca5b09f23a07add0eb78ccee8 Mon Sep 17 00:00:00 2001 +From: maryam ebr +Date: Tue, 3 Aug 2021 01:05:47 -0400 +Subject: [PATCH] avcodec/dnxhddec: check and propagate function return value + +Similar to CVE-2013-0868, here return value check for 'init_vlc' is needed. +crafted DNxHD data can cause unspecified impact. + +Reviewed-by: Paul B Mahol +Signed-off-by: James Almer +--- + libavcodec/dnxhddec.c | 22 +++--- + 1 file changed, 15 insertions(+), 7 deletions(-) + +diff --git a/libavcodec/dnxhddec.c b/libavcodec/dnxhddec.c +index c78d55aee5..9b475a6979 100644 +--- a/libavcodec/dnxhddec.c b/libavcodec/dnxhddec.c +@@ -112,6 +112,7 @@ static av_cold int dnxhd_decode_init(AVCodecContext *avctx) + + static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth) + { ++int ret; + if (cid != ctx->cid) { + const CIDEntry *cid_table = ff_dnxhd_get_cid_table(cid); + +@@ -132,19 +133,26 @@ static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth) + ff_free_vlc(>dc_vlc); + ff_free_vlc(>run_vlc); + +-init_vlc(>ac_vlc, DNXHD_VLC_BITS, 257, ++if ((ret = init_vlc(>ac_vlc, DNXHD_VLC_BITS, 257, + ctx->cid_table->ac_bits, 1, 1, +- ctx->cid_table->ac_codes, 2, 2, 0); +-init_vlc(>dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ? 14 : 12, ++ ctx->cid_table->ac_codes, 2, 2, 0)) < 0) ++goto out; ++if ((ret = init_vlc(>dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ? 14 : 12, + ctx->cid_table->dc_bits, 1, 1, +- ctx->cid_table->dc_codes, 1, 1, 0); +-init_vlc(>run_vlc, DNXHD_VLC_BITS, 62, ++ ctx->cid_table->dc_codes, 1, 1, 0)) < 0) ++goto out; ++if ((ret = init_vlc(>run_vlc, DNXHD_VLC_BITS, 62, + ctx->cid_table->run_bits, 1, 1, +- ctx->cid_table->run_codes, 2, 2, 0); ++ ctx->cid_table->run_codes, 2, 2, 0)) < 0) ++goto out; + + ctx->cid = cid; + } +-return 0; ++ret = 0; ++out: ++if (ret < 0) ++av_log(ctx->avctx, AV_LOG_ERROR, "init_vlc failed\n"); ++return ret; + } + + static int dnxhd_get_profile(int cid) +-- +2.31.1 + diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb index 0c6af6549d..c0318ef01d 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb @@ -31,7 +31,8 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ file://fix-CVE-2020-22021.patch \ file://fix-CVE-2020-22033-CVE-2020-22019.patch \ file://fix-CVE-2021-33815.patch \ - file://fix-CVE-2021-38171.patch \ + file://fix-CVE-2021-38171.patch \ + file://fix-CVE-2021-38114.patch \ " SRC_URI[sha256sum] = "06b10a183ce5371f915c6bb15b7b1fffbe046e8275099c96affc29e17645d909" -- 2.31.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#157088): https://lists.openembedded.org/g/openembedded-core/message/157088 Mute This Topic: https://lists.openembedded.org/mt/86420133/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] ffmpeg: fix CVE-2021-38114
Ah yes sorry, tried to use the same patch I made for hardknott, I'll send the correct one for 4.4 Regards, Kiran On 10/8/21 5:12 PM, Richard Purdie wrote: [Please note: This e-mail is from an EXTERNAL e-mail address] On Fri, 2021-10-08 at 09:48 -0700, Kiran Surendran wrote: backport from upstream Signed-off-by: Kiran Surendran --- .../ffmpeg/ffmpeg/fix-CVE-2021-38114.patch| 67 +++ .../recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb | 3 +- 2 files changed, 69 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch Master has 4.4 so this doesnt apply? Which release was this targeted at? Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#156787): https://lists.openembedded.org/g/openembedded-core/message/156787 Mute This Topic: https://lists.openembedded.org/mt/86175257/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] ffmpeg: fix CVE-2021-38114
backport from upstream Signed-off-by: Kiran Surendran --- .../ffmpeg/ffmpeg/fix-CVE-2021-38114.patch| 67 +++ .../recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb | 3 +- 2 files changed, 69 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch new file mode 100644 index 00..3de7cf7e0f --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch @@ -0,0 +1,67 @@ +CVE: CVE-2021-38114 +Upstream-Status: Backport +Signed-off-by: Kiran Surendran + +From 662aef4aacf23b4be4c1cfaebd837e225b357e51 Mon Sep 17 00:00:00 2001 +From: maryam ebr +Date: Tue, 3 Aug 2021 01:05:47 -0400 +Subject: [PATCH] avcodec/dnxhddec: check and propagate function return value + +Similar to CVE-2013-0868, here return value check for 'init_vlc' is needed. +crafted DNxHD data can cause unspecified impact. + +Reviewed-by: Paul B Mahol +Signed-off-by: James Almer +--- + libavcodec/dnxhddec.c | 22 +++--- + 1 file changed, 15 insertions(+), 7 deletions(-) + +diff --git a/libavcodec/dnxhddec.c b/libavcodec/dnxhddec.c +index e5d01e2e71..54f894f81b 100644 +--- a/libavcodec/dnxhddec.c b/libavcodec/dnxhddec.c +@@ -110,6 +110,7 @@ static av_cold int dnxhd_decode_init(AVCodecContext *avctx) + + static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth) + { ++int ret; + if (cid != ctx->cid) { + int index; + +@@ -129,19 +130,26 @@ static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth) + ff_free_vlc(>dc_vlc); + ff_free_vlc(>run_vlc); + +-init_vlc(>ac_vlc, DNXHD_VLC_BITS, 257, ++if ((ret = init_vlc(>ac_vlc, DNXHD_VLC_BITS, 257, + ctx->cid_table->ac_bits, 1, 1, +- ctx->cid_table->ac_codes, 2, 2, 0); +-init_vlc(>dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ? 14 : 12, ++ ctx->cid_table->ac_codes, 2, 2, 0)) < 0) ++goto out; ++if ((ret = init_vlc(>dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ? 14 : 12, + ctx->cid_table->dc_bits, 1, 1, +- ctx->cid_table->dc_codes, 1, 1, 0); +-init_vlc(>run_vlc, DNXHD_VLC_BITS, 62, ++ ctx->cid_table->dc_codes, 1, 1, 0)) < 0) ++goto out; ++if ((ret = init_vlc(>run_vlc, DNXHD_VLC_BITS, 62, + ctx->cid_table->run_bits, 1, 1, +- ctx->cid_table->run_codes, 2, 2, 0); ++ ctx->cid_table->run_codes, 2, 2, 0)) < 0) ++goto out; + + ctx->cid = cid; + } +-return 0; ++ret = 0; ++out: ++if (ret < 0) ++av_log(ctx->avctx, AV_LOG_ERROR, "init_vlc failed\n"); ++return ret; + } + + static int dnxhd_get_profile(int cid) +-- +2.31.1 + diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb index 0a49493abd..7df356946b 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb @@ -31,7 +31,8 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ file://fix-CVE-2020-22015.patch \ file://fix-CVE-2020-22021.patch \ file://fix-CVE-2020-22033-CVE-2020-22019.patch \ - " + file://fix-CVE-2021-38114.patch \ + " SRC_URI[sha256sum] = "46e4e64f1dd0233cbc0934b9f1c0da676008cad34725113fb7f802cfa84ccddb" # Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717 -- 2.31.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#156783): https://lists.openembedded.org/g/openembedded-core/message/156783 Mute This Topic: https://lists.openembedded.org/mt/86175257/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] ffmpeg: fix CVE-2021-38171
backport from upstream Signed-off-by: Kiran Surendran --- .../ffmpeg/ffmpeg/fix-CVE-2021-38171.patch| 42 +++ meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb | 3 +- 2 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch new file mode 100644 index 00..d82f3a4b63 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch @@ -0,0 +1,42 @@ +CVE: CVE-2021-38171 +Upstream-Status: Backport +Signed-off-by: Kiran Surendran + +From fb993619d1035fa9646506925ea70fb122038999 Mon Sep 17 00:00:00 2001 +From: maryam ebrahimzadeh +Date: Wed, 4 Aug 2021 16:15:18 -0400 +Subject: [PATCH] avformat/adtsenc: return value check for init_get_bits in + adts_decode_extradata + +As the second argument for init_get_bits (buf) can be crafted, a return value check for this function call is necessary. +'buf' is part of 'AVPacket pkt'. +replace init_get_bits with init_get_bits8. + +Signed-off-by: Michael Niedermayer +(cherry picked from commit 9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6) +Signed-off-by: Michael Niedermayer +--- + libavformat/adtsenc.c | 6 -- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/libavformat/adtsenc.c b/libavformat/adtsenc.c +index 3595cb3bb2..c35a12a628 100644 +--- a/libavformat/adtsenc.c b/libavformat/adtsenc.c +@@ -51,9 +51,11 @@ static int adts_decode_extradata(AVFormatContext *s, ADTSContext *adts, const ui + GetBitContext gb; + PutBitContext pb; + MPEG4AudioConfig m4ac; +-int off; ++int off, ret; + +-init_get_bits(, buf, size * 8); ++ret = init_get_bits8(, buf, size); ++if (ret < 0) ++return ret; + off = avpriv_mpeg4audio_get_config2(, buf, size, 1, s); + if (off < 0) + return off; +-- +2.31.1 + diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb index fc1834c00b..0c6af6549d 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb @@ -31,7 +31,8 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ file://fix-CVE-2020-22021.patch \ file://fix-CVE-2020-22033-CVE-2020-22019.patch \ file://fix-CVE-2021-33815.patch \ - " + file://fix-CVE-2021-38171.patch \ + " SRC_URI[sha256sum] = "06b10a183ce5371f915c6bb15b7b1fffbe046e8275099c96affc29e17645d909" # Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717 -- 2.31.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#156282): https://lists.openembedded.org/g/openembedded-core/message/156282 Mute This Topic: https://lists.openembedded.org/mt/85823465/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] ffmpeg: fix CVE-2021-38171
backport from upstream Signed-off-by: Kiran Surendran --- .../ffmpeg/ffmpeg/fix-CVE-2021-38171.patch| 42 +++ meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb | 3 +- 2 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch new file mode 100644 index 00..d82f3a4b63 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch @@ -0,0 +1,42 @@ +CVE: CVE-2021-38171 +Upstream-Status: Backport +Signed-off-by: Kiran Surendran + +From fb993619d1035fa9646506925ea70fb122038999 Mon Sep 17 00:00:00 2001 +From: maryam ebrahimzadeh +Date: Wed, 4 Aug 2021 16:15:18 -0400 +Subject: [PATCH] avformat/adtsenc: return value check for init_get_bits in + adts_decode_extradata + +As the second argument for init_get_bits (buf) can be crafted, a return value check for this function call is necessary. +'buf' is part of 'AVPacket pkt'. +replace init_get_bits with init_get_bits8. + +Signed-off-by: Michael Niedermayer +(cherry picked from commit 9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6) +Signed-off-by: Michael Niedermayer +--- + libavformat/adtsenc.c | 6 -- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/libavformat/adtsenc.c b/libavformat/adtsenc.c +index 3595cb3bb2..c35a12a628 100644 +--- a/libavformat/adtsenc.c b/libavformat/adtsenc.c +@@ -51,9 +51,11 @@ static int adts_decode_extradata(AVFormatContext *s, ADTSContext *adts, const ui + GetBitContext gb; + PutBitContext pb; + MPEG4AudioConfig m4ac; +-int off; ++int off, ret; + +-init_get_bits(, buf, size * 8); ++ret = init_get_bits8(, buf, size); ++if (ret < 0) ++return ret; + off = avpriv_mpeg4audio_get_config2(, buf, size, 1, s); + if (off < 0) + return off; +-- +2.31.1 + diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb index fc1834c00b..0c6af6549d 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb @@ -31,7 +31,8 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ file://fix-CVE-2020-22021.patch \ file://fix-CVE-2020-22033-CVE-2020-22019.patch \ file://fix-CVE-2021-33815.patch \ - " + file://fix-CVE-2021-38171.patch \ + " SRC_URI[sha256sum] = "06b10a183ce5371f915c6bb15b7b1fffbe046e8275099c96affc29e17645d909" # Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717 -- 2.31.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#156273): https://lists.openembedded.org/g/openembedded-core/message/156273 Mute This Topic: https://lists.openembedded.org/mt/85823465/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [hardknott][PATCH] ffmpeg: fix CVE-2021-38114
backport from upstream Signed-off-by: Kiran Surendran --- .../ffmpeg/ffmpeg/fix-CVE-2021-38114.patch| 67 +++ .../recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb | 3 +- 2 files changed, 69 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch new file mode 100644 index 00..3de7cf7e0f --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch @@ -0,0 +1,67 @@ +CVE: CVE-2021-38114 +Upstream-Status: Backport +Signed-off-by: Kiran Surendran + +From 662aef4aacf23b4be4c1cfaebd837e225b357e51 Mon Sep 17 00:00:00 2001 +From: maryam ebr +Date: Tue, 3 Aug 2021 01:05:47 -0400 +Subject: [PATCH] avcodec/dnxhddec: check and propagate function return value + +Similar to CVE-2013-0868, here return value check for 'init_vlc' is needed. +crafted DNxHD data can cause unspecified impact. + +Reviewed-by: Paul B Mahol +Signed-off-by: James Almer +--- + libavcodec/dnxhddec.c | 22 +++--- + 1 file changed, 15 insertions(+), 7 deletions(-) + +diff --git a/libavcodec/dnxhddec.c b/libavcodec/dnxhddec.c +index e5d01e2e71..54f894f81b 100644 +--- a/libavcodec/dnxhddec.c b/libavcodec/dnxhddec.c +@@ -110,6 +110,7 @@ static av_cold int dnxhd_decode_init(AVCodecContext *avctx) + + static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth) + { ++int ret; + if (cid != ctx->cid) { + int index; + +@@ -129,19 +130,26 @@ static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth) + ff_free_vlc(>dc_vlc); + ff_free_vlc(>run_vlc); + +-init_vlc(>ac_vlc, DNXHD_VLC_BITS, 257, ++if ((ret = init_vlc(>ac_vlc, DNXHD_VLC_BITS, 257, + ctx->cid_table->ac_bits, 1, 1, +- ctx->cid_table->ac_codes, 2, 2, 0); +-init_vlc(>dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ? 14 : 12, ++ ctx->cid_table->ac_codes, 2, 2, 0)) < 0) ++goto out; ++if ((ret = init_vlc(>dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ? 14 : 12, + ctx->cid_table->dc_bits, 1, 1, +- ctx->cid_table->dc_codes, 1, 1, 0); +-init_vlc(>run_vlc, DNXHD_VLC_BITS, 62, ++ ctx->cid_table->dc_codes, 1, 1, 0)) < 0) ++goto out; ++if ((ret = init_vlc(>run_vlc, DNXHD_VLC_BITS, 62, + ctx->cid_table->run_bits, 1, 1, +- ctx->cid_table->run_codes, 2, 2, 0); ++ ctx->cid_table->run_codes, 2, 2, 0)) < 0) ++goto out; + + ctx->cid = cid; + } +-return 0; ++ret = 0; ++out: ++if (ret < 0) ++av_log(ctx->avctx, AV_LOG_ERROR, "init_vlc failed\n"); ++return ret; + } + + static int dnxhd_get_profile(int cid) +-- +2.31.1 + diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb index 0a49493abd..7df356946b 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb @@ -31,7 +31,8 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ file://fix-CVE-2020-22015.patch \ file://fix-CVE-2020-22021.patch \ file://fix-CVE-2020-22033-CVE-2020-22019.patch \ - " + file://fix-CVE-2021-38114.patch \ + " SRC_URI[sha256sum] = "46e4e64f1dd0233cbc0934b9f1c0da676008cad34725113fb7f802cfa84ccddb" # Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717 -- 2.31.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#156073): https://lists.openembedded.org/g/openembedded-core/message/156073 Mute This Topic: https://lists.openembedded.org/mt/85636451/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [hardknott][PATCH] ffmpeg: fix CVE-2021-38171
From: Kiran Surendran backport from upstream Signed-off-by: Kiran Surendran --- .../ffmpeg/ffmpeg/fix-CVE-2021-38171.patch| 40 +++ .../recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb | 3 +- 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch new file mode 100644 index 00..8775acd8c5 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch @@ -0,0 +1,40 @@ +CVE: CVE-2021-38171 +Upstream-Status: Backport +Signed-off-by: Kiran Surendran + +From d5373a9efb10c1fa87698ee41370fb04dc2e410b Mon Sep 17 00:00:00 2001 +From: maryam ebrahimzadeh +Date: Wed, 4 Aug 2021 16:15:18 -0400 +Subject: [PATCH] avformat/adtsenc: return value check for init_get_bits in + adts_decode_extradata + +As the second argument for init_get_bits (buf) can be crafted, a return value check for this function call is necessary. +'buf' is part of 'AVPacket pkt'. +replace init_get_bits with init_get_bits8. + +Signed-off-by: Michael Niedermayer +--- + libavformat/adtsenc.c | 6 -- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/libavformat/adtsenc.c b/libavformat/adtsenc.c +index d937e2bea9..a1593515e1 100644 +--- a/libavformat/adtsenc.c b/libavformat/adtsenc.c +@@ -50,9 +50,11 @@ static int adts_decode_extradata(AVFormatContext *s, ADTSContext *adts, const ui + GetBitContext gb; + PutBitContext pb; + MPEG4AudioConfig m4ac; +-int off; ++int off, ret; + +-init_get_bits(, buf, size * 8); ++ret = init_get_bits8(, buf, size); ++if (ret < 0) ++return ret; + off = avpriv_mpeg4audio_get_config2(, buf, size, 1, s); + if (off < 0) + return off; +-- +2.31.1 + diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb index 0a49493abd..7a027d43b9 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb @@ -31,7 +31,8 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ file://fix-CVE-2020-22015.patch \ file://fix-CVE-2020-22021.patch \ file://fix-CVE-2020-22033-CVE-2020-22019.patch \ - " + file://fix-CVE-2021-38171.patch \ + " SRC_URI[sha256sum] = "46e4e64f1dd0233cbc0934b9f1c0da676008cad34725113fb7f802cfa84ccddb" # Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717 -- 2.31.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#156063): https://lists.openembedded.org/g/openembedded-core/message/156063 Mute This Topic: https://lists.openembedded.org/mt/85630247/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [hardknott][PATCH] ffmpeg: fix CVE-2021-38291
From: Kiran Surendran backport from upstream Signed-off-by: Kiran Surendran --- .../ffmpeg/ffmpeg/fix-CVE-2021-38291.patch| 54 +++ .../recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb | 1 + 2 files changed, 55 insertions(+) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38291.patch diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38291.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38291.patch new file mode 100644 index 00..ef1c760286 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38291.patch @@ -0,0 +1,54 @@ +CVE: CVE-2021-38291 +Upstream-Status: Backport +Signed-off-by: Kiran Surendran + +From e908bdb157fa493be2b50e2a11055d19c5254a15 Mon Sep 17 00:00:00 2001 +From: James Almer +Date: Wed, 21 Jul 2021 01:02:44 -0300 +Subject: [PATCH] avcodec/utils: don't return negative values in + av_get_audio_frame_duration() + +In some extrme cases, like with adpcm_ms samples with an extremely high channel +count, get_audio_frame_duration() may return a negative frame duration value. +Don't propagate it, and instead return 0, signaling that a duration could not +be determined. + +Fixes ticket #9312 + +Signed-off-by: James Almer +--- + libavcodec/utils.c | 6 -- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/libavcodec/utils.c b/libavcodec/utils.c +index 81e34254e8..5fdb10fe09 100644 +--- a/libavcodec/utils.c b/libavcodec/utils.c +@@ -1776,20 +1776,22 @@ static int get_audio_frame_duration(enum AVCodecID id, int sr, int ch, int ba, + + int av_get_audio_frame_duration(AVCodecContext *avctx, int frame_bytes) + { +-return get_audio_frame_duration(avctx->codec_id, avctx->sample_rate, ++int duration = get_audio_frame_duration(avctx->codec_id, avctx->sample_rate, + avctx->channels, avctx->block_align, + avctx->codec_tag, avctx->bits_per_coded_sample, + avctx->bit_rate, avctx->extradata, avctx->frame_size, + frame_bytes); ++return FFMAX(0, duration); + } + + int av_get_audio_frame_duration2(AVCodecParameters *par, int frame_bytes) + { +-return get_audio_frame_duration(par->codec_id, par->sample_rate, ++int duration = get_audio_frame_duration(par->codec_id, par->sample_rate, + par->channels, par->block_align, + par->codec_tag, par->bits_per_coded_sample, + par->bit_rate, par->extradata, par->frame_size, + frame_bytes); ++return FFMAX(0, duration); + } + + #if !HAVE_THREADS +-- +2.25.1 + diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb index 0a49493abd..3e7ceb859f 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb @@ -31,6 +31,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ file://fix-CVE-2020-22015.patch \ file://fix-CVE-2020-22021.patch \ file://fix-CVE-2020-22033-CVE-2020-22019.patch \ + file://fix-CVE-2021-38291.patch \ " SRC_URI[sha256sum] = "46e4e64f1dd0233cbc0934b9f1c0da676008cad34725113fb7f802cfa84ccddb" -- 2.31.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155865): https://lists.openembedded.org/g/openembedded-core/message/155865 Mute This Topic: https://lists.openembedded.org/mt/85489749/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-